Electronic value system

ABSTRACT

An electronic value amount of an electronic bank account and an electronic value amount stored in user identification module UIM in mobile station MS are each stored in an electronic bank server EBS, and updated by the server when either amount changes as a result of transaction.

TECHNICAL FIELD

[0001] The present invention relates to an electronic value system forperforming electronic transactions by utilizing electronic values.

BACKGROUND ART

[0002] Various systems exist for performing cashless shopping. Thesesystems utilize so-called electronic money (hereafter referred to as anelectronic value). However, since an electronic value is comprised ofdata, there is a danger that such a value may be improperly used ormanipulated by unauthorized persons posing as claimants or owners. It istherefore necessary to devise an operating system which is able toprovide security for cashless transactions, and to prevent problems ofmisuse and fraud.

[0003] However, in providing such a system a drawback is encountered inthat transactions become more complicated and time consuming, and lessefficient.

DISCLOSURE OF INVENTION

[0004] The present invention has been made with a view to overcoming theabove-mentioned problems, and has as its object the provision of asecure and efficient electronic value system which utilizes acommunication terminal and a server.

[0005] To achieve these aims, the present invention provides anelectronic value system which comprises of a plurality of communicationterminals, acting as an electronic purse, each having a memory forstoring an electronic value and a communication means for performingtransmission and reception of the electronic value to outside nodes. Anelectronic bank account holding means in a server on a network foraccumulating electronic values in an electronic bank account assigned toa user. A transfer means for transferring, via the network, anelectronic value to a memory of one of the electronic communicationterminals from the electronic bank account holding means. A transactionlog notification means which shows transaction details when atransaction using an electronic value by the communication terminal isperformed. A purse balance information management means, provided in thenetwork, for memorizing balance information of an electronic valuestored in a memory of the communication terminal; and updating balanceinformation of an electronic value related to a transaction log uponreceiving a transaction log transmitted from a transaction lognotification means.

[0006] In accordance with the present invention, a purse balanceinformation management means memorizes balance information of anelectronic value in an electronic bank account and the balanceinformation of the electronic value stored in a communication terminalfunctioning as an electronic purse; and updates balance information ofthe electronic value in the communication terminal when transactioncontents change, thereby enabling the detection of any impropertranscription of the electronic value in a communication terminal.

[0007] In the preferred embodiment of the present invention, theplurality of communication terminals in the electronic value systeminclude a first communication terminal and a second communicationterminal, each of which performs transmission and reception of anelectronic value. Wherein the first communication terminal transmits itsown identification information and electronic value stored in the memoryto the second communication terminal; and the second communicationterminal receives the identification information of the electronic valuetransmitted from the first communication terminal and transmits its ownidentification information to the first communication terminal; andwherein the transaction log notification means further transmits theelectronic value amount for which transmission and reception areperformed along with identification information of the first and secondcommunication terminal from either the first communication terminal orthe second communication terminal, at least to the purse balanceinformation management means as a transaction log; and the purse balanceinformation management means updates balance information of theelectronic value based on the transmitted transacted log.

[0008] In accordance with the system of the present invention, when thefirst communication terminal and the second communication terminalperform transmission and reception of an electronic value between eachother, the balance information of an electronic value stored in thecommunication terminal is updated in a transaction log provided byeither the first communication terminal or the second communicationterminal. In other words, the transmission log can be transmitted byeither one of the communication terminals whereby processing efficiencyis improved.

[0009] In the preferred embodiment of the present invention, the firstcommunication terminal and the second communication terminal eachinclude a log accumulation means for accumulating the transaction logrelated to their own transaction, and when either the firstcommunication terminal or the second communication terminal accumulatesthe transaction log equal in volume to a storage capacity by the logaccumulation means, transmission and reception of electronic value tooutside nodes are not performed.

[0010] Also, in another preferred embodiment, the first communicationterminal and the second communication terminal each comprise a logaccumulation means for accumulating the transaction log related to theirown transaction, and when either the first communication terminal or thesecond communication terminal accumulates the transaction logs equal involume to a memory capacity by the log accumulation means, thetransaction logs having a date and time prior to that of a current dateand time are erased during a transaction in which a current transactionlog is accumulated.

[0011] Further, in another preferred embodiment, the first communicationterminal and the second communication terminal comprise the logaccumulation means accumulating the transaction log related to their owntransaction, the transaction log notification means transmits thetransaction log to the purse balance information management means whenaccumulating the transaction log equal in volume to a storage capacityby the log accumulation means in either the first communication terminalor second communication terminal at least.

[0012] In the various embodiments of electronic value system, describedabove, for example, the communication terminal is a mobile communicationterminal stored in a mobile network, the network is a mobile network,and the first communication terminal and second communication terminalcan communicate by radio. Also, a memory of the communication terminalmay be an IC card installed in the communication terminal. Also, thecommunication terminal may attach a transmission date and time to theelectronic value when transmitting the electronic value. Also, thecommunication terminal may provide a security means for performingelectronic authentication, encryption and decryption by using a key forthe electronic value, and an update means to update the key regularlywhen performing transmission and reception of the electronic value.

[0013] Also, the present invention provides an electronic value systemfor performing transmission and reception of an electronic value betweenthe first communication terminal and the second communication terminal,wherein the first communication terminal includes electronic valuesystem comprising a memory for storing the electronic value,identification information of the issuer who issued the electronicvalue, and a digital signature provided by the issuer to theidentification information, and a transmission means for transmittingthe identification information of the issuer and a digital signaturewith the stored electronic value to the second communication terminal,with the second communication terminal including an electronic valuesystem comprising a receiving means for receiving identificationinformation of the issuer and a digital signature, and a confirmationmeans for confirming validity of the first communication terminal byverifying the received digital signature, and by confirming that theelectronic value transmitted from the first communication terminal isissued by the issuer.

[0014] In a related system, when the first communication terminal andthe second communication terminal perform reception and transmission ofan electronic value between each other, on one hand, the firstcommunication terminal adds identification information and a digitalsignature of the issuer to the electronic value for transmission. On theother hand, a second communication terminal confirms the correctness ofthe received electronic value by verifying identification information ofissuer and digital signature. The correctness of the electronic valuewill be confirmed only between the two communication terminals wherebyimproved security and efficiency for an electronic value can beobtained. Also, when the first communication terminal and the secondcommunication terminal perform reception and transmission of anelectronic value between each other, on one hand, the firstcommunication terminal adds identification information and a digitalsignature of the issuer to the electronic value for transmission. On theother hand, a second communication terminal confirms the correctness ofthe received electronic value by verifying identification information ofissuer and digital signature. The correctness of the electronic valuewill be confirmed only between the two communication terminals wherebyimproved security and efficiency for an electronic value can beobtained.

[0015] In the preferred embodiment, the second communication terminalcomprises a memory for storing the electronic value, identificationinformation of the issuer who issued the electronic value, and a digitalsignature transmitted by the issuer for the identification information,and a transmission means for transmitting identification information ofthe issuer stored previously and a digital signature to the firstcommunication terminal further, and the first communication terminalcomprises an obtaining means for obtaining a digital signature providedby the issuer to identification information of the issuer in a memory ofthe second communication terminal, and the identification informationbefore transmitting the electronic value to the second communicationterminal, and a confirmation means for confirming authenticity of thesecond communication terminal by verifying the obtained digitalsignature, and by confirming that the electronic value in memory of thesecond communication terminal is issued by the issuer.

[0016] Also, in the electronic value system, the first communicationterminal and the second communication terminal include a logaccumulation means for accumulating the transaction log related to theirown transaction, and either the first communication terminal or thesecond communication terminal transmits the accumulated transaction logto outside nodes managing balance information of electronic value whichthe first or the second communication terminal memorizes whenaccumulating the transaction log equal in volume to a storage capacityby the log accumulation means.

[0017] Also, the first communication terminal and the secondcommunication terminal may perform transmission and reception of theelectronic value by radio. Either of the first communication terminal orthe second communication terminal may be a mobile communication terminalprovided in a mobile network. In addition, the second communicationterminal may be installed in a vending machine. Also, the communicationterminals may attach a transmission date and time to the electronicvalue when transmitting the electronic value. Further, the communicationterminal may include a security means for performing a process ofelectronic certification, encryption and decryption by using a key forthe electronic value; and an update means for regularly updating the keywhen performing transmission and reception of the electronic value.

[0018] Also, the present invention provides a communication terminalproviding a memory for storing an electronic value which is electronicmoney information and its own identification information therefor, acommunication means for performing transmission and reception of theelectronic value between outside nodes, an identification informationexchange means for providing its own identification information storedin the memory to the outside nodes, and to obtain identificationinformation of the outside nodes from the outside nodes, and a logaccumulation means, as a transaction log, for accumulating theelectronic value amount whose transmission and reception are performedbetween the outside nodes, the identification information, andidentification information of the outside nodes.

[0019] In the preferred embodiment, a communication terminal does notperform transmission and reception of the electronic value between theoutside nodes when it accumulates a transaction log equal in volume to astorage capacity of the memory accumulation means.

[0020] In this case, when a communication terminal accumulates thetransaction log equal in volume to a storage capacity of the logaccumulation means, the accumulated transaction log with an oldertransmission date and time may be erased in transmission and receptionof the electronic value after accumulating the transaction log. Also, acommunication terminal may transmit the accumulated transaction log toan outside device for confirming authenticity for transmission andreception of the electronic value by using the transaction log beforeerasing the accumulated transaction log.

[0021] In the preferred embodiment, a communication terminal includes asecurity means for performing a process of electronic authentication,encryption and decryption by using a key for the electronic value; andan update means for updating regularly the key when performingtransmission and reception of the electronic value. Also, in anotherpreferred embodiment, when a communication terminal transmits theelectronic value to the outside nodes, the communication terminalattaches the transmission date and time to the electronic value.Further, in another preferred embodiment, the communication meansperforms transmission and reception of the electronic value betweenoutside nodes by radio. The communication terminal is a mobilecommunication terminal stored in a mobile network, and the memory is anIC card installed in the communication terminal.

[0022] Also, the present invention provides a communication terminalincluding a memory for storing an electronic value which is electronicmoney information; identification information of an issuer of theelectronic value, and a digital signature provided by the issuer to theidentification information; a communication means for performingtransmission and reception of the electronic value between outsidenodes; an attachment means for attaching identification information ofthe issuer and the digital signature to electronic value transmitted tothe outside nodes by the communication means, and a confirmation meansfor confirming authenticity of the electronic value by verifyingidentification information of the issuer to be attached to theelectronic value received from the outside nodes by the communicationmeans, and the digital signature.

[0023] In the preferred embodiment, the communication terminal includesa security means for performing a process of electronic authentication,encryption and decryption of the electronic value by using a key; and anupdate means for regularly updating the key when performing transmissionand reception of the electronic value.

[0024] When a communication terminal transmits the electronic value tothe outside nodes, a communication terminal may attach a transmissiondate and time to the electronic value. The communication means mayperform transmission and reception of the electronic value between theoutside nodes by radio. The communication terminal is, for example, amobile communication terminal stored in a mobile network, and the memoryis an IC card installed in the communication terminal.

[0025] Also, the present invention is a server for memorizing electronicvalue which is electronic money information, and provides a transfermeans for transferring electronic value accumulated by the electronicbank account holding means via the network to an electronic bank accountholding means for accumulating the electronic value into an electronicbank account assigned to user, a memory for storing the electronic valueand a communication terminal holding a communication means forperforming transmission and reception of the electronic value betweenthe outside nodes; and a purse balance information management means formemorizing balance information of electronic value stored in a memory ofthe communication terminal; and a log obtaining means for obtaining atransaction log showing details of a transaction by using the electronicvalue in the communication terminal via the network from thecommunication terminal; and a purse balance information update means forupdating balance information of the electronic value memorized by thepurse balance information memory means on a basis of the obtainedtransaction log.

[0026] In the preferred embodiment, the server comprises an electronicauthentication means for giving an electronic authentication by a keywhich the server memorizes for the transmitted electronic valueinformation.

BRIEF DESCRIPTION OF THE DRAWINGS

[0027]FIG. 1 is a block diagram illustrating the configuration of theoverall system according to the embodiment of the present invention.

[0028]FIG. 2 is a block diagram illustrating the configuration of anelectronic bank server according to the embodiment of the presentinvention.

[0029]FIG. 3 is a diagram explaining memory content of the database inan electronic bank server according to the embodiment of the presentinvention.

[0030]FIG. 4 is a diagram explaining a memory content of the database inan electronic bank server according to the embodiment of the presentinvention.

[0031]FIG. 5 is a diagram explaining memory content of the database inan electronic bank server according to the embodiment of the presentinvention.

[0032]FIG. 6 is a block diagram illustrating the configuration of amobile station according to the embodiment of the present invention.

[0033]FIG. 7 is a diagram explaining memory content of UIM according tothe embodiment of the present invention.

[0034]FIG. 8 is a diagram explaining memory content of UIM according tothe embodiment of the present invention.

[0035]FIG. 9 is a diagram explaining memory content of UIM according tothe embodiment of the present invention.

[0036]FIG. 10 is a block diagram explaining memory content of a prepaidcard according to the embodiment of the present invention.

[0037]FIG. 11 is a block diagram explaining memory content of a prepaidcard according to the embodiment of the present invention.

[0038]FIG. 12 is a block diagram explaining the operation of opening anelectronic bank account.

[0039]FIG. 13 is a sequence diagram illustrating the operation of theoverall system according to the embodiment of the present invention.

[0040]FIG. 14 is a sequence diagram illustrating the operation of theoverall system according to the embodiment of the present invention.

[0041]FIG. 15 is a sequence diagram illustrating the operation of theoverall system according to the embodiment of the present invention.

[0042]FIG. 16 is a sequence diagram illustrating the operation of theoverall system according to the embodiment of the present invention.

[0043]FIG. 17 is a sequence diagram illustrating the operation of theoverall system according to the embodiment of the present invention.

[0044]FIG. 18 is a sequence diagram illustrating the operation of theoverall system according to the embodiment of the present invention.

[0045]FIG. 19 is a block diagram illustrating the configuration of theoverall system according to the embodiment of the present invention inan application example.

BEST MODE FOR CARRYING OUT THE INVENTION

[0046] Embodiments of the present invention will be described withreference to the drawings.

[0047] In this embodiment, an electronic bank account for each user atan electronic bank provided on a network is opened, and a mobile stationwhich each user owns is used as an electronic purse. A function ofelectronic authentication, encryption and decryption based on RSA publickey encryption system of PKI base (Public Key Infrastructure) should beactivated in an exchange for this electronic value.

[0048] A: Configuration

[0049] At first, the configurations of this embodiment will bedescribed.

[0050]FIG. 1 is a block diagram illustrating the configuration of theoverall system according to the embodiment of the present invention. Asshown in this figure, this system is configured by mobile station MS,mobile network MN, prepaid card PC, electronic bank server EBS, bankingsystem BS, internet INET, registration authority server RA, certificateauthority server CA, and directory server DS.

[0051] Prepaid card PC is a non-contact IC card for storing electronicvalue Information. This prepaid card PC comprises a function fortransmitting stored electronic value information to the outside nodes byradio, and functions as an electronic purse for a user. In thisembodiment, for example, infrared rays like IrDA (Infrared DataAssociation) and the like are used.

[0052] Mobile station MS is, for example, a cellular telephone, andperforms sound communication and data communication via mobile networkMN. This mobile station MS installs an IC card memorizing electronicvalue information, and performing input and output with regard toelectronic value. This IC card will be referred to as UIM (User IdentityModule) 1 hereafter. A user can operate this mobile station MS as anelectronic purse by attaching this UIM1 to mobile station MS.

[0053] Concretely, the mobile station MS reads out electronic valueinformation in UIM1, and actualizes various transactions by exchangingthis information with outside nodes. There are two forms of exchange forthis electronic value;

[0054] 1. Performing transmission and reception of electronic valueinformation to an electronic bank server or other mobile stations viamobile network,

[0055] 2. Performing transmission and reception of electronic valueinformation transmitted from prepaid card PC by infrared rays.

[0056] The mobile network MN comprises a mobile base station MBS and anexchange station not shown here, and provides sound communicationservice and data communication service to the mobile station MS. Thismobile network MN is connected to internet INET via gateway device notshown here.

[0057] An electronic bank server EBS is connected to a mobile network MNand a bank system BS installed in a bank (not shown here) by a privateline. A virtual bank account (hereafter referred to as Electronic BankAccount) assigned to each user is opened in this electronic bank serverEBS. The electronic bank server EBS memorizes electronic valueinformation, such as an electronic bank account number to specifyelectronic bank account and balance information of electronic value inthe electronic bank account, and performs a process for depositing,withdrawing and transferring electronic value and the like in theelectronic bank account in response to a request from mobile station MS.

[0058] Also, the electronic bank server EBS memorizes an electronic bankaccount, and the balance information of electronic value in anelectronic purse, such as a mobile station MS and a prepaid card PC; andupdates balance information by notifying the electronic bank server EBSfrom the electronic purses. Accordingly, an electronic bank server EBScan detect incorrect transcriptions by comparing the balance informationwhich the electronic bank server EBS memorizes in case the electronicvalue is transcribed incorrectly on the electronic purse, such as amobile station MS and a prepaid card PC.

[0059] The Certificate authority server CA is a well-known server whichissues an electronic authentication of standard X509-based on RSA publickey encryption system, and is connected to the Internet INET.Concretely, the certificate authority server CA generates a public keycertificate when a digital signature is given to guarantee correctnessfor a private key of each node in response to an issuing request of apublic key certificate transmitted from each node on a network. As thisdigital signature is performed by a private signature key which thecertificate authority server CA owns, each node which obtains a publickey certificate decrypts this public key certificate by using the publickey of the certificate authority server CA. As each node encrypts thedata by a public key of the certificate authority server CA, andtransmits it to the certificate authority server CA, the certificateauthority server CA memorizes a private decryption key to decrypt thisencrypted message.

[0060] The Directory server DS is a well-known server storing a publickey certificate generated by the certificate authority server CA and CRL(Certificate Revocation List) for the public key certificate, andconnected to the Internet INET. The directory server DS functions tosearch among public key certificates stored in the directory server DS apublic key certificate requested by any of each nodes, and to distributethe same.

[0061] In this embodiment, a public key for mobile station MS andelectronic bank server EBS receive an issue of public key certificatefrom the certificate authority server CA. Accordingly, a node whichshould be a communication partner for the mobile station MS and anelectronic bank server EBS can confirm whether a third party pretends tobe a communication partner or not by obtaining a public key certificatefrom the directory server DS, and verifying the digital signature.

[0062] The Registration authority server RA is a server provided on theInternet INET, and accepts an application of opening an electronic bankaccount by a user, and performs a process with regard to the opening ofan electronic bank account by cooperating with the electronic bankserver EBS, the certificate authority server CA and the directory serverDS.

[0063] The registration authority server RA memorizes a privatesignature key and an encryption certificate for CA. A private signaturekey is a key which gives a digital signature to data which theregistration authority server RA should transmit to outside nodes andthis key prevents a third party from pretending to be the registrationauthority server RA. Also, an encryption certificate for CA is acertificate for a public key to encrypt data which should be transmittedto the certificate authority server CA. An encrypted message of anencryption certificate for CA is decrypted by a private decryption keywhich the certificate authority server CA owns. This key prevents athird party from intercepting the data and transmitting to thecertificate authority server CA.

[0064] (2) Configuration of Electronic Bank Server EBS

[0065] Next, the electronic bank server EBS will be described withreference to the block diagram shown in FIG. 2.

[0066] As shown in FIG. 2, the electronic bank server EBS is configuredby the communication unit 11, the control unit 12, the database 13, andbus 14 which connects these mutually.

[0067] The communication unit 11 comprises a connection interface withInternet INET (not shown here) and a communication control circuit (notshown here). This communication unit 31 performs data communication withthe certificate authority server CA and the directory server DS via amobile network MN and the internet INET, and with a mobile station MSvia a mobile network MN.

[0068] The Control unit 12 is configured by the CPU (Central ProcessUnit) not shown here, ROM (Read Only Memory), RAM (Random AccessMemory), and controls the overall electronic bank server EBS.

[0069] As shown in FIG. 3, a private signature key, a private decryptionkey, a CA signature verification certificate, and an electronic valueinformation are memorized in Database 13.

[0070] A private signature key is a private key which gives a digitalsignature to data which is to be transmitted to the outside nodes fromthe electronic bank server EBS. A public key corresponding to thisprivate signature key is registered in the directory server DS after acertificate is issued by the certificate authority server CA.

[0071] A private decryption key is a private key to decrypt an encryptedmessage received from an electronic bank server EBS. A public keycorresponding to this private key is registered in the directory serverDS after a certificate is issued by the certificate authority server CA.

[0072] A CA signature verification certificate is a certificate for apublic key to verify a digital signature which the certificate authorityserver CA gives to various certificates with a private key. As this CAsignature verification certificate is registered in the directory serverDS, the electronic bank server EBS can obtain this certificate byaccessing the directory server DS.

[0073] The Electronic value management information is information whichmanages electronic value information stored in a mobile station MS, andelectronic value information stored in a prepaid card PC.

[0074]FIG. 4 is a diagram explaining the electronic value managementinformation to manage electronic value information stored in UIM1 in themobile station MS. As shown in this figure, the electronic valuemanagement information comprises electronic bank ID, electronic bankaccount number, electronic value amount in an electronic bank account,the electronic value amount in UIM, a time stamp at update of electronicvalue amount, current value amount in electronic bank account, currentvalue amount in UIM, a time stamp at update of current electronic valueamount, and electronic value update history.

[0075] The Electronic bank ID is identification information for anelectronic bank server EBS which issued the electronic value.

[0076] The Electronic bank account number is the identificationinformation to specify each electronic bank account.

[0077] The Electronic value amount in an electronic bank account is thebalance information of the electronic value in an electronic bankaccount when a mobile station MS accesses an electronic bank server EBSat transaction end.

[0078] The Electronic value amount in UIM is the balance information ofthe electronic value in UIM1 when the mobile station MS accesses theelectronic bank server EBS at transaction end.

[0079] A time stamp at the update of electronic value is information forshowing date and time when the electronic value amount in UIM isupdated, and issued by the electronic bank server EBS. An incorrectretransmission of electronic value will be discovered by using this timestamp as described later.

[0080] The current electronic value amount is the current balanceinformation of electronic value in an electronic bank account.

[0081] The current electronic value in UIM is the balance information ofelectronic value which should be reflected on UIM1. As described later,when an exchange of electronic value is performed between the mobilestations MS without an electronic bank server EBS, a transaction log isnotified to the electronic bank server EBS from either one of mobilestations MS after exchanging electronic value. When this notification ismade, the electronic value amount which should be stored in both mobilestations MS is calculated. The Electronic value amount which should bereflected on UIM1 in the mobile station MS which does not communicatewith the electronic bank server EBS corresponds to current electronicvalue amount in this UIM.

[0082] A time stamp at the update of current electronic value amountproves the date and time which the current electronic value amount in anelectronic bank account and the current electronic value amount in UIMare updated. An incorrect retransmission of electronic value will bediscovered by using this time stamp described later.

[0083] The Electronic value update history is an updated history of anelectronic value amount in UIM at the point the mobile station MS lastaccesses the electronic bank server EBS.

[0084] Next, the electronic value management information to manageelectronic value information stored in a prepaid card PC will bedescribed with reference to FIG. 5. The different points of electronicvalue information between FIG. 4 and FIG. 5 are that prepaid card PC isthe object as an electronic purse instead of UIM1, and the prepaid cardID is used instead of an electronic bank account number. Thus, theelectronic value management information of UIM1 and a prepaid card PC inan electronic bank server EBS is different. The UIM1 corresponds to afixed, one-to-one electronic bank account and a prepaid card on thecontrary is transferable, and therefore manages an electronic value byusing prepaid card IDs, and not by a prepaid card PC corresponding to anelectronic bank account.

[0085] (3) Configuration of Mobile Station MS

[0086] Next, the configuration of mobile station MS will be describedwith reference to FIG. 6.

[0087] As shown in this figure, the mobile station MS is configured byradio communication unit 2, control unit 3, user interface 4, UIM1,infrared communication unit 5; and bus 6. Bus 6 connects these mutually.

[0088] Radio communication unit 2 comprising an antenna (not shown here)and a communication control circuit, performs radio communication withthe mobile base station MBS in the mobile network MN. Also, the infraredcommunication unit 5 performs infrared communication with the prepaidcard PC.

[0089] The control unit 3 is configured by CPU, ROM and RAM (not shownhere), and controls overall the mobile station MS. The mobile station MShas a function which performs sound communication and datacommunication; and processes electronic value. A user can change thesefunctions depending on the purpose. The control unit 3 controls eachpart of the mobile station MS. With regard to the electronic valueprocess, control unit 3 performs a process of electronic authentication,through encryption and decryption, which also involves generating andverifying a time stamp and managing a private key and a public keycertificate.

[0090] User interface 4 comprises a crystal panel to display variousinformation, a keypad for a user to perform an input operation, and amicrophone and a speaker for a user to make a call.

[0091] With reference to FIG. 7, the data to be memorized in UIM1 willbe described. As shown in this figure, a private signature key, aprivate decryption key, an EB signature verification certificate, anencryption certificate for EB, a CA signature verification certificate,a user ID, and an electronic value information are memorized in UIM1.

[0092] The Private signature key is a private key which provides adigital signature to data which the mobile station MS transmits tooutside nodes. By providing the digital signature to the datatransmitted to the outside nodes, a third party is prevented from posingto be a user of the mobile station MS

[0093] The Private decryption key is a private key which decrypts anencrypted message received by the mobile station MS. Thus, preventing athird party from intercepting a message at the time when the encryptedmessage is transmitted to the mobile station MS.

[0094] The EB signature verification certificate is a certificate for apublic key to verify a digital signature which is signed by theelectronic bank server EBS. Since the electronic bank server EBSprovides the digital signature to the data for the mobile station MS, athird party is prevented from posing to be the electronic bank serverEBS.

[0095] The Encryption certificate for EB is a certificate for a publickey to encrypt data transmitted to the electronic bank server EBS. Thatis to say, intercepting by a third party is prevented as the data to betransmitted to the electronic bank server EBS is encrypted.

[0096] The CA signature verification certificate is a certificate for apublic key to verify a digital signature which the certificate authorityserver CA gives to various certificates. Thus, reliability of acertificate issued by certificate authority server CA is guaranteed.

[0097] The User ID is identification information which specifies a userof the mobile station MS.

[0098] Next, as shown in FIG. 8, the electronic value informationcomprises an electronic bank ID; an electronic purse type; an electronicbank account number, an electronic bank signature SGN1, an electronicvalue amount in the electronic bank account, an electronic value amountin the UIM; a time stamp at update of the electronic value amount, anelectronic bank signature SGN2, the current electronic value amount; andan electronic value update history.

[0099] The Electronic bank ID is described above.

[0100] The Electronic purse type is information which shows whether anelectronic purse for storing electronic value information is UIM1 or aprepaid card PC.

[0101] The Electronic bank account number is described above.

[0102] The Electronic bank signature SGN1 is a digital signature givenby the electronic bank server EBS to guarantee that the electronic bankID, the electronic purse type, and the electronic bank account numberdescribed above are not manipulated.

[0103] The Electronic value amount in the electronic bank account is thebalance information of the electronic value in the electronic bankaccount when the mobile station MS accesses electronic bank server EBSat transaction end.

[0104] The Electronic value amount in the UIM is the balance informationof the electronic value in the UIM1 when the mobile station MS accesseselectronic bank server EBS at transaction end.

[0105] A time stamp at the update of the electronic value amount showsthe date and time of the update of the electronic value amount in theUIM, and this is issued by electronic bank server EBS.

[0106] The Electronic bank signature SGN2 is a digital signature givenby the electronic bank server EBS to guarantee that the electronic bankID, the electronic purse type, the electronic bank account number, theelectronic value amount in the electronic bank account, the electronicvalue amount in the UIM, and a time stamp at update of electronic valueamount described above are not manipulated.

[0107] The Current electronic value amount is the balance information ofthe electronic value which the UIM1 memorizes at the time of the currenttransaction.

[0108] The Electronic value update history is an updated history of theelectronic value in the UIM from the point when mobile station MS lastaccesses electronic bank server EBS.

[0109]FIG. 9 is a diagram showing the detailed contents of theelectronic value update history.

[0110] As shown in this figure, the electronic value update historycomprises the recipient electronic bank account number, the payerelectronic bank account number, the payer prepaid card ID, thetransacted value amount, and the digital signature of a transactionpartner.

[0111] A recipient electronic bank account number is an electronic bankaccount number of a user who receives electronic value in transaction. Apayer electronic bank account number is an electronic bank accountnumber of the user who pays electronic value in transaction.

[0112] Also, when a user of electronic money is a prepaid card PC, apayer prepaid card ID is registered as an updated history.

[0113] A Transacted value amount is the electronic value amount to betransacted; and a digital signature of a transaction partner is adigital signature which the mobile station MS gives to guarantee thatthe recipient electronic bank account number, the payer electronic bankaccount number, the payer prepaid card ID, and the transacted valueamount are not manipulated.

[0114] The Mobile station MS transmits electronic value update history,as described above, to the electronic bank server EBS aftertransactions.

[0115] (3) Configuration of Prepaid Card PC

[0116] Next, the data to be stored in a prepaid card PC will bedescribed. FIG. 10 is a diagram which shows the data that is to bestored in a prepaid card PC. As shown in this figure, the EB signatureverification certificate, the encryption certificate for EB, the CAsignature verification certificate, and the electronic value informationare memorized in a prepaid card PC. The EB signature verificationcertificate, the encryption certificate for EB, and the CA signatureverification certificate are common information which the UIM1memorizes, so the explanations will be omitted.

[0117] Also, a private signature key and a private decryption key arememorized in the UIM1, but not in a prepaid card PC. Unlike the mobilestation MS, a user who owns a prepaid card PC is officially authorizedas the proper owner. Because a prepaid card is transferable, a digitalsignature to prevent a third party from pretending to be the owner isnot required to be performed, or the data for electronic valueinformation transmitted to the prepaid card PC is not required to betransmitted as an encrypted one.

[0118] Next, the electronic value information in a prepaid card PC willbe described with reference to FIG. 11. As shown in this figure, theelectronic value information comprises the electronic bank ID, theelectronic purse type, the prepaid card ID, the electronic banksignature SGN3, the electronic value amount in a prepaid card, a timestamp at update of electronic value amount, the electronic banksignature SGN4, the current electronic value amount and the electronicvalue update history.

[0119] The electronic value information in the prepaid card is differentfrom the one in the UIM1 as follows;

[0120] the electronic value in the prepaid card PC is used as the objectinstead of the electronic value in UIM1; and

[0121] the electronic value amount in an electronic bank account is notmemorized in this prepaid card.

[0122] That is to say, a prepaid card PC does not correspond to theelectronic bank account of a user in a fixed way as it is transferableamong users. Accordingly, a prepaid card PC does not memorize anelectronic value amount in the electronic bank account.

[0123] Also, the electronic value update history shown in FIG. 11 iscommon information to electronic value update history in UIM1 shown inFIG. 9 except that the electronic value information is recorded in theprepaid card and not in the UIM, so explanation thereof will be omitted.

[0124] B: Operation

[0125] Next, the operation of the embodiment comprising the aboveconfigurations will be described.

[0126] (1) Opening of a electronic bank account, (2) Continuation of theelectronic bank account, (3) Deposit and withdrawal of an electronicvalue, (4) Exchange between electronic purses, and (5) Transfer of theelectronic value will be described as below.

[0127] (1) Opening of Electronic Bank Account

[0128]FIG. 12 is a sequence diagram showing an operation of the overallsystem when an electronic bank account is opened.

[0129] At first, a user goes to the registration authority (not shownhere) where the registration authority server RA is installed, andnotifies necessary information to open an electronic bank account, suchas a name, address, password and telephone number for the mobile stationMS, and bank account number for the bank account which depositselectronic value to an operator. The operator inputs such informationinto the registration authority server RA.

[0130] The Registration authority server RA transmits the inputinformation to the electronic bank server EBS, and requests theelectronic bank server EBS to open an electronic bank account. (StepSZ1)

[0131] The Electronic bank server EBS inquires of the bank system BSwhether a user has a bank account or the ability to pay, and opens atemporary electronic bank account when the above things are confirmed.(Step SZ2) At this moment, an electronic bank account number is issued,and the expiry date is set for the electronic bank account.

[0132] Next, the electronic bank server EBS transmits the electronicbank account number and expiry date for an electronic bank account tothe registration authority server RA. (Step SZ3)

[0133] When the registration authority server RA receives the electronicbank account number and the expiry date for the electronic bank account,a pair key (That is to say, a pair of a private key and a public key)corresponding to a user is generated accordingly. This pair key consistsof 2 types;

[0134] a pair key for digital signature and verification of data whichshould be transmitted to the electronic bank server EBS from the mobilestation MS and; a pair key for encryption and decryption of data whichshould be transmitted to the mobile station MS from the electronic bankserver EBS. The expiry date for this pair key is the same as the one forthe electronic bank account numbers.

[0135] The registration authority server RA transmits a public key toverify a digital signature, and a public key to encrypt a digitalsignature among generated pair keys with electronic bank account numbersto the certification authority server CA, and requests the certificationauthority server CA to issue public key certificates with regard tothese pair keys. (Step SZ4)

[0136] Accordingly, the certification authority server CA issues publickey certificates for digital signature verification and encryption, andregisters these certificates with the directory server DS by correlatingwith the electronic bank account numbers. (Step SZ5)

[0137] On the other hand, the electronic bank server EBS accesses theDirectory server DS, and confirms that public key certificates fordigital signature verification and encryption are registered bysearching, as a clue, an electronic bank account. (Step SZ6) At thismoment, a communication which security is guaranteed between electronicbank server EBS and mobile station MS is prepared to carry out.

[0138] And, the electronic bank server EBS specifies an electronic bankaccount number, and notifies the registration authority server RA thatthe electronic bank account shown by the above specified number isopened. (Step SZ7)

[0139] Accordingly, the registration authority server RA accessesdirectory server DS, and obtains the EB signature verificationcertificate, the encryption certificate for EB, and the CA signatureverification certificate stored beforehand. (Step SZ8)

[0140] And, the registration authority server RA writes a privatesignature key, a private decryption key, the EB signature verificationcertificate, the encryption certificate for EB, the CA signatureverification certificate, the electronic bank ID, and the electronicbank account number in the UIM1 via the ROM writer (not shown here). Auser receives data written by the UIM1, and attaches this to the mobilestation MS. And, the process is completed. (Step SZ9)

[0141] (2) Continuation of the Electronic Bank Account

[0142] A user can perform a continuous use of the electronic bankaccount opened as described above by paying the account managementcharge regularly. A payment method for this account management charge isas follows:

[0143] (A1) The Electronic bank withdraws electronic value correspondingto the account management charge from the electronic bank account of auser.

[0144] (B1) The Electronic bank withdraws money corresponding to theaccount management charge from an actual bank account of a user.

[0145] (C1) The Electronic bank appropriates a part of the moneycollected from a user as repurchase price for UIM1, as an accountmanagement charge.

[0146] (D1) The Electronic bank appropriates a part of the moneycollected from a user as an installation cost of a new key for the UIM1,as account management charge.

[0147] (E1) A part of the cost of issuing a public key certificate of apair key regenerated in the UIM1 by the electronic bank is appropriatedas account management charge.

[0148] As described above, the key for the UIM1 is updated regularly.The reason is that setting the expiry date to a key and updating theinformation regularly are general rules which provide security to asystem which uses a key based on a public key encryption algorism.

[0149] This concrete method is as follows:

[0150] (A2) A user repurchases the UIM1 where a new key is installed.

[0151] (B2) The Registration authority server RA rewrites data for a newkey into the UIM1.

[0152] (C2) A user transmits a new key to the UIM1 in the mobile stationMS from the Registration authority server RA.

[0153] (D2) A user regenerates a new key in the UIM1, and requests theregistration authority server RA to issue a public key certificate.

[0154] An example of updating the UIM1 will be described with referenceto the sequence shown in FIG. 13. The example given below describes, thetwo payment methods which can be selected as an option. In the firstoption, the electronic value corresponding to the account managementcharge is withdrawn and paid into the electronic bank server EBS(described above A1); and in the second option a private key among thepair keys which the certificate authority server CA generates istransmitted to the mobile station MS. (described above C2)

[0155] And, the withdrawal date and amount of money for the accountmanagement charge is notified beforehand by the Electronic bank serverEBS to the user who requests the continuation of the use of theelectronic bank account. When the date for withdrawal comes, theelectronic bank server EBS withdraws the electronic value from theelectronic bank account of a user as account management charge for thenext period. (Step S1)

[0156] Next, the electronic bank server EBS encrypts an electronic bankaccount number of a user to which a digital signature is given, andnotifies the encrypted account number to the certificate authorityserver CA, and requests the CA to reissue a pair key, for a permissionto transmit a private key for users, and to issue a public keycertificate. (Step S2)

[0157] On the other hand, the certificate authority server CA decryptsand verifies the digital signature, and generates a pair key, and issuesa public key certificate for the generated pair key after confirmingthat the above requests come from the proper electronic bank server EBS.The public key certificate issued is then registered with the directoryserver DS. (Step S3)

[0158] When the electronic bank server EBS accesses the directory serverDS, and confirms that a new certificate has been issued (Step S4), theelectronic bank server EBS notifies the mobile station MS of a user whoperforms continuous use, that the account management charge is receivedand a preparation to transmit a private key is ready to be carried out.(Step S5)

[0159] When the mobile station MS receives a notification from theelectronic bank server EBS, that a private key is ready to betransmitted, the mobile station MS requests the certificate authorityserver CA to transmit a new private key in response to the operation bya user after this notification has been displayed. (Step S6)

[0160] The Certificate authority server CA encrypts a new private keywith an old encryption public key of a user (valid at present), andtransmits this key which has a digital signature, to the mobile stationMS when receiving a request to transmit a new private key from themobile station MS. (Step S7)

[0161] The Mobile station MS verifies the digital signature given to thenew private key transmitted from the certificate authority server CA,and confirms that this signature is transmitted from the propercertificate authority server CA. Also, the MS decrypts the private keytransmitted from the certificate authority server CA by using a validprivate decryption key at present. (Step S8)

[0162] Next, the mobile station MS substitutes the old private key inthe UIM1 with the new one. (Step S9) Then, the mobile station MStransmits, to the certificate authority server CA, this message signedwith the new private signature key, showing that substitution has beensuccessfully carried out. (Step S10)

[0163] The certificate authority server CA in return, registers a publickey for an old private key with a CRL in the directory server DS afterreceiving a message that the substitution has been successfully carriedout. (Step S11)

[0164] Therefore, it is impossible to use a public key for an oldprivate key.

[0165] (3) Deposit and Withdrawal of Electronic Value

[0166] Next, the operation of deposit and withdrawal of electronic valueto a prepaid card PC will be described with reference to the sequenceshown in FIG. 14 and FIG. 15 where 100 yen of electronic value amount iswithdrawn from a deposit of 1,000 yen in an electronic bank account andappropriated to the UIM1.

[0167] At first, the user operates a keypad for the mobile station MS,having selected to use either the electronic value in a prepaid card PCor the one in the UIM1 installed in the mobile station MS, and inputsthe electronic value amount to be withdrawn from the electronic bankaccount or the one to be deposited into the electronic bank account. TheUIM1 is selected as an electronic purse, and the withdrawn 100 yen isinput by the user in this case. The mobile station MS accepts the keyoperation described above. (Step Sa1)

[0168] Next, after the mobile station MS encrypts the information inputcarried out in Step Sa1 and the electronic value information in UIM1with the encryption certificate for the EB stored in the UIM1, themobile station MS gives a digital signature to the above informationwith a private signature key, to which a time stamp is given andtransmits it to the electronic bank server EBS as a request signal.(Step Sa2)

[0169] The electronic bank server EBS obtains a public key certificatefor verification of the digital signature from the directory server DSby referring to the electronic bank account number included in thereceived electronic value information. and verifies the correctness ofthe digital signature in the mobile station MS by using this certificatewhen receiving the above information. (Step Sa3)

[0170] Next, the electronic bank server EBS decrypts an encryptedmessage received in Step Sa2 by using a private decryption key which theelectronic bank server EBS memorizes, and confirms the time stamp. (StepSa4)

[0171] To avoid receiving from the same user more than twice a requestsignal which has the same stamp, the stamp confirmation process is used.

[0172] In this way, improper retransmission of a request signal isprevented by this process.

[0173] Next, the electronic bank server EBS confirms the designatedamount of money for withdrawal and deposit, and calculates theelectronic value amount in the UIM and the electronic value amount inthe electronic bank account after a withdrawal or a deposit. (Step Sa5)The electronic value amount in the UIM is 100 yen after the withdrawal,the electronic value amount in the electronic bank account is 900 yen inthis case.

[0174] Next, the electronic bank server EBS obtains a public keycertificate for encryption from the directory server DS by using theelectronic bank account number as a clue. (Step Sa6)

[0175] And, the electronic bank server EBS encrypts the calculatedamount in Step Sa5, the electronic bank account number, the user name,and a transaction type showing the withdrawal and deposit, and thetransacted value amount with a public key certificate obtained from thedirectory server DS. (Step Sa7)

[0176] Further, the electronic bank server EBS gives a digital signatureto the above encrypted message with a private signature key which theelectronic bank server EBS memorizes, and transmits this encryptedmessage to which a time stamp is given to the mobile station MS. (StepSa8)

[0177] The mobile station MS confirms verification of the digitalsignature, encryption of the encrypted message, and a time stamp for thereceived data. (Step Sa9)

[0178] The mobile station MS displays the electronic value amount in theUIM and the electronic value amount in the electronic bank account afterthe withdrawal and deposit. (Step Sa10) In this case, the electronicvalue amount in the UIM is 100 yen, and the electronic value amount inthe electronic bank account is 900 yen. The user checks this amountcarefully, and performs a key operation to decide OK or NG whether therequest is the same as the one of the user or not.

[0179] When the OK key operation is performed, the mobile station MSupdates the electronic value information memorized in the UIM1. (StepSa11)

[0180] That is to say, the mobile station MS updates the electronicvalue amount in the electronic bank shown in FIG. 8 from 1,000 yen to900 yen and the electronic value amount in the UIM1 shown in FIG. 8 from0 yen to 100 yen, and stores the received time stamp as a time stamp atupdate of the electronic value amount and a digital signature as anelectronic bank signature SGN2.

[0181] And, the mobile station MS generates a message that the OK keyoperation is performed, and performs a process of encryption with theencryption certificate for the EB, of a digital signature with a privatesignature key, and gives a time stamp for this message which is the sameas Step Sa2, and transmits it to electronic bank server EBS. (Step Sa12)

[0182] Next, the electronic bank server EBS obtains a digital signatureverification certificate from the directory server DS as in Step Sa3,and verifies the correctness of the digital signature by using thiscertificate when receiving the above message as described in FIG. 15(Step Sa13).

[0183] Further, the electronic bank server EBS decrypts an encryptedmessage by using a private decryption key as in Step Sa4, and confirmsthe time stamp. (Step Sa14)

[0184] As a result, the electronic bank server EBS updates theelectronic value management information shown in FIG. 4 when confirmingan OK message. (Step Sa15)

[0185] The electronic value amount in the electronic bank account isupdated from 1,000 yen to 900 yen, the electronic value amount in theUIM is updated from 0 yen to 100 yen, the current electronic valueamount in the electronic bank account is updated from 1,000 yen to 900yen, and the current electronic value amount in the UIM is updated from0 yen to 100 yen. A time stamp is issued at this moment and this timestamp is stored in the electronic bank server EBS as the time stamp atupdate of electronic value amount and a time stamp at update of currentelectronic value amount.

[0186] The electronic bank server EBS transmits a message to the mobilestation MS that the transaction has been completed (Step Sa16); and inreturn, the mobile station MS displays the above received message (StepSa17), and the process is completed.

[0187] In the above case, when a key operation in Step Sa10 is NG,mobile station MS does not update electronic value information in UIM1.And, a NG message is generated in Step Sa12, and it is transmitted toelectronic bank server EBS.

[0188] Also, the electronic bank server EBS completes a process withoutupdating the electronic value information in Step Sa13 when receiving anNG message. But, the electronic bank server EBS stores a log about theabove process with a digital signature of the mobile station MS to dealwith claims, which an OK message has been input to confirm the resultand so forth, from a user of the mobile station MS.

[0189] For example, when the above transaction cannot be completed forreasons such as the electronic bank server EBS not receiving a messagefrom the mobile station MS as in Step Sa12, the electronic bank serverEBS generates a non-completion message of a transaction not performed,and encrypts this message and the electronic value amount in the UIM1 towhich a digital signature and time stamp are given before thetransaction, and transmits this message and value amount to the mobilestation MS.

[0190] On the other hand, the mobile station MS displays this messagewhen receiving a non-completion message from the electronic bank serverEBS, and the mobile station MS will substitute the electronic valueamount in the UIM with the one in the UIM transmitted withnon-completion message before transaction.

[0191] Also, for example, when the mobile station MS cannot receiveeither the completion or the non-completion message for reasons such asa prolonged communication interception, the mobile station MS displays amessage of transaction not completed on display. A user operates themobile station MS to perform a communicative connection to theelectronic bank server EBS after restoration of the communicationinterception, and obtains an updated electronic value information, andupdates the electronic value information of a user.

[0192] In the above example, the electronic value in the UIM1 of themobile station MS was described. A prepaid card PC only has to gothrough the same process as described above via the mobile station MS byan infrared communication means when the electronic value in the prepaidcard PC is deposited in the electronic bank account.

[0193] (4) Exchange Between Electronic Purses

[0194] The Mobile station MS can exchange electronic value by a localcommunication means which the electronic bank server EBS does notmediate like an infrared communication means.

[0195] With reference to the sequence shown in FIG. 16 and FIG. 17, thecase in which the electronic value of 100 yen is paid from the mobilestation MS1 of user A, and the mobile station MS2 of user B receivesthis 100 yen value will be described below.

[0196] At first, the mobile station MS1 transmits by infraredcommunication, a request signal to mobile station MS2 of user B forinformation on the electronic bank ID in the electronic valueinformation of user B, the electronic purse type, the electronic bankaccount number, and the EB signature SGN1. (Step Sb1)

[0197] The mobile station MS2 of user B reads out electronic valueinformation requested from its own UIM1, and transmits this informationto mobile station MS1 by infrared communication on receiving thisrequest signal. (Step Sb2)

[0198] The mobile station MS1 verifies EB signature SGN1 in the receivedelectronic value information, and confirms that the user B is the properowner of the electronic value which the electronic bank server EBSissues. (Step Sb3) If the EB signature SGN1 is not confirmed, theprocess is stopped.

[0199] If confirmation is given, user A performs a key operation torequest payment after inputting the electronic value amount of 100 yento be paid to user B, and electronic purse type information (hereafterreferred to as UIM1). The key operation is then accepted by mobilestation MS1. (Step Sb4)

[0200] Next, the mobile station MS1 organizes an electronic bank accountof user B, the electronic bank number of user A, and the transactedvalue amount (in this case, the electronic value amount 100 yen paidfrom the mobile station MS1 to mobile station MS2) as information set,and gives a digital signature of user A to this information set, andtransmits it to mobile station MS2 as electronic value information whichuser A pays. In this case, the mobile station MS1 transmits theelectronic bank ID, the electronic purse type, the electronic bankaccount of user A, and the EB signature SGN1 in the electronic valueinformation which the mobile station MS1 memorizes. (Step Sb5)

[0201] The Mobile station MS2 verifies the EB signature SGN1 given tothe received information set, and confirms that user A is the true ownerof the electronic value which the electronic bank server EBS issues.(Step Sb6) If it is not confirmed that user A is the true owner, thetransaction of the process is stopped.

[0202] Further, the mobile station MS2 verifies the digital signature ofuser A given to the received information set. (Step Sb7) This prevents athird party from posing as user A of the mobile station MS1.

[0203] Next, the mobile station MS2 displays the electronic valueinformation which user A pays except for a digital signature informationof user A. (Step Sb8) That is to say, the electronic bank account numberof user B, the electronic bank account number of user A, and thetransacted value amount of 100 yen are displayed.

[0204] User B refers to this display, and inputs an OK message into themobile station MS2 if user B decides that there are not any problems.

[0205] On the other hand, if user B encounters problems, user B inputsan NG message into the mobile station MS2. The mobile station MS2notifies this message to mobile station MS1, and the process will bestopped.

[0206] Next, the mobile station MS2 adds the electronic value amount of100 yen corresponding to the transacted value amount to the UIM currentelectronic value amount in the electronic value information memorized inits own UIM 1, and adds to electronic value update history, an updatehistory based on the electronic value information paid by user A whichis received from the mobile station MS1 (Step Sb9)

[0207] Next, the mobile station MS2 gives a digital signature of user Bto the electronic bank account number of user B, electronic bank accountnumber of user A, and the transacted value amount of 100 yen except fora digital signature of user A in the electronic value information whichuser A pays, and transmits the information to the mobile station MS1 asthe information which user B received. (Step Sb10)

[0208] The mobile station MS1 receives the electronic value informationwhich user B received, and verifies the digital signature of user Bwhich is transmitted along with the information. (Step Sb11)

[0209] Next, the mobile station MS1 deducts the electronic valueinformation 100 yen corresponding to the transacted value amount fromthe current electronic value amount in the UIM, and adds an updatedhistory to the electronic update history, updates the electronic historybased on the electronic value information received by user B. (StepSb12)

[0210] At this moment, the local electronic value exchange betweenmobile station MS1 and mobile station MS2 will be completed.

[0211] Next, the sequence shown in FIG. 17 is performed when the mobilestation MS2 of user B needs to communicate with the electronic bankserver EBS after completing the process shown in FIG. 16.

[0212] At first, the mobile station MS2 reads out the updated electronicvalue (update) history from its own UIM1, transmits this history to theelectronic bank server EBS, and requests the electronic bank server EBSto confirm the correctness of the transaction. (Step Sc1)

[0213] On the other hand, the electronic bank server EBS refers to theelectronic value update history received from mobile station MS2, andverifies a transaction partner digital signature, which is the digitalsignature of user A in this case, in this electronic value updatehistory. The electronic bank server EBS changes the electronic valueinformation described below if no problems are found through thisverification. (Step Sc2)

[0214] That is to say, with regard to the electronic value managementinformation corresponding to user B who receives the electronic value,the electronic bank server EBS performs an updating process to add 100yen to the electronic value amount in the UIM, to update the time stampat update of the electronic value amount, to add 100 yen to the currentelectronic value amount in the UIM, and to update a time stamp at theupdate of the current electronic value amount.

[0215] Also, with regard to the electronic value management informationcorresponding to user A who pays the electronic value, the electronicbank server EBS reduces the current electronic value amount in the UIMby 100 yen, and performs a process to update the time stamp at update ofthe current electronic value amount.

[0216] And, if there are some problems in the verification result of thetransaction partner digital signature, the electronic bank server EBSgenerates a message that updating has not been processed due toproblems, and notifies the manager of the electronic bank server EBS.

[0217] The electronic bank server EBS transmits the electronic valueinformation which should be updated based on the electronic valuemanagement information updated in Step Sc2 to mobile station MS2. (StepSc3) Electronic value information transmitted in this case is theelectronic value amount in the UIM, with a time stamp at update of theelectronic value amount, and the electronic bank signature SGN2.

[0218] If there are some problems in the verification result of thetransaction partner digital signature, a message that updating has notbeen processed due to problems will be transmitted with the aboveinformation to mobile station MS2.

[0219] The mobile station MS2 updates the electronic value informationin its own UIM1 in response to electronic value information receivedfrom the electronic bank server EBS. (Step Sc4)

[0220] And, the electronic value information of mobile station MS1 isconfirmed by the electronic bank server EBS when the mobile station MS1communicates with the electronic bank server EBS with regard to theprocess which will take place as in mobile station MS2.

[0221] That is to say, the electronic bank server EBS compares thecurrent electronic value amount in the UIM with the electronic valueamount in the UIM in the electronic value management informationcorresponding to user A when the electronic bank server EBS is accessedfrom the mobile station MS1. If both amounts are different, theelectronic value information will be updated. The contents of update inthis case are: matching the electronic value amount in the UIM with thecurrent electronic value amount in the UIM, and updating the time stampat update of the electronic value amount.

[0222] The electronic bank server EBS transmits electronic valueinformation which should be updated, to the mobile station MS1 bymatching the above updated information. That is to say, the electronicbank server EBS transmits the electronic value amount in the UIM, a timestamp at update of the electronic value amount, and the electronic banksignature SGN2.

[0223] The mobile station MS1 verifies the electronic bank signatureSGN2 in the information received from the electronic bank server EBS,and updates the electronic value information in the UIM1 if no problemsare found. (Step Sb20)

[0224] It follows that the transaction is guaranteed by the electronicbank server EBS, and the process will be completed.

[0225] An exchange between the electronic purses is only completedeffectively when the electronic value update history arrives at theelectronic bank server EBS from both purses of a transactor.

[0226] Also, process can be completed when an electronic purse updatehistory is notified to either one of the electronic purses. In thiscase, when an updated history of paid electronic value is notified tothe electronic bank server EBS, it can be considered that the process iscompleted.

[0227] In the above example, the UIM1 in the mobile station MS wasdescribed as a payer's an electronic purse, electronic value in prepaidcard PC is also possible to use. In this case, the prepaid card PC onlyhas to go through the same process as the above mentioned via the mobilestation MS by infrared communication.

[0228] (5) Transfer of Electronic Value

[0229] The electronic value can be transferred to someone else as a form“transfer from your purse or your electronic bank account to theelectronic bank account of someone else”

[0230] The transfer of electronic value will be described with referenceto the sequence shown in FIG. 18.

[0231] At first, the user operates the mobile station MS, and selects awithdrawal means to transfer the electronic value. (hereafter referredto as a transfer means) Concretely, either one of the prepaid card PC,the UIM1 in the mobile station MS, or the electronic bank account of auser is selected. It is assumed that the UIM1 is selected in this case.Next, the user inputs an electronic bank account number for a transferpoint (hereafter referred to as electronic bank account number for atransfer point) and the amount to be transferred. (hereafter referred toas transfer money), Mobile station MS accepts the above operations.(Step Sd1)

[0232] Next, the mobile station MS gives a time stamp to the informationwhich is input by the user, encrypts this information with a publicencryption key for the electronic bank server EBS, and transmits thedata to which a digital signature is given by using a private signaturekey to the electronic bank server EBS as a request signal to request atransfer. (Step Sd2)

[0233] When a user selects a prepaid card PC as a transfer means in StepSd1, the mobile station MS performs communication through infrared meanswith the prepaid PC, and obtains electronic value information in theprepaid card PC, and transmits this information to the electronic bankserver EBS.

[0234] On the other hand, the electronic bank server EBS verifies thedigital signature on the received data, and decrypts the encryptedmessage, and confirms the correctness of the electronic valueinformation by checking a time stamp. (Step Sd3)

[0235] Next, the electronic bank server EBS confirms:

[0236] 1, existence of the electronic bank account to which theelectronic value is transferred;

[0237] 2, availability of the electronic bank account which is appointedto transfer the electronic value; and

[0238] 3, the balance of the electronic value in a transfer means whichtransfers the electronic value is larger than the amount of theelectronic value amount to be transferred. (Step Sd4)

[0239] When a prepaid card PC is selected as a transfer means, theelectronic bank server EBS verifies the electronic bank signature SGN4,and confirms whether a transfer is possible or not after confirming thatthe electronic value information is not transcribed falsely.

[0240] Next, the electronic bank server EBS calculates the electronicvalue amount of a transfer means (UIM1 in this case) after transferring.And, the electronic bank server EBS gives a time stamp to the electronicbank ID, the electronic bank account number of a transfer point, theuser name of the electronic bank account for a transfer point, theamount of transferred money, the electronic bank account number of auser of the transfer means, and the electronic value amount of atransfer means (UIM1) before or after transferring, and encrypts with apublic encryption key obtained from the directory server DS, and gives adigital signature with a private signature key which the electronic bankserver EBS memorizes, and transmits to the mobile station MS. (Step Sd5)

[0241] The mobile station MS confirms that there is no incorrectness byverifying the digital signature, decrypting an encrypted message, andconfirming a time stamp of the received data. (Step Sd6)

[0242] Next, the mobile station MS displays the received data. When auser checks this data after reading, and performs a key operationshowing OK or NG, the mobile station MS accepts this operation by theuser. (Step Sd7)

[0243] When a key operation showing OK is performed, the mobile stationMS updates the electronic value information memorized by the UIM1selected as a transfer means, the electronic value information whichshould be updated in this case is the electronic value amount in theUIM, a time stamp at update of electronic value amount, the electronicbank signature SGN2, and the current electronic value amount. Theinformation in the electronic purse is not updated when an electronicbank account is selected as a transfer means.

[0244] Also, a key operation for showing NG is performed, and theelectronic value in the electronic purse is not updated.

[0245] Next, the mobile station MS generates a message showing whether akey operation is OK or NG, and gives a time stamp to this message,encrypts with a public encryption key for the electronic bank, and givesa digital signature with a private signature key, and transmits to theelectronic bank server EBS. (Step Sd8)

[0246] The electronic bank server EBS calculates the electronic value inthe electronic bank account for a transfer point, gives a digitalsignature of the electronic bank server EBS to this electronic value,and stores it as electronic value management information correspondingto the electronic bank account of a transfer point when receiving an Okmessage. (Step Sd9)

[0247] When an electronic bank account is selected as a transfer means,the electronic bank server EBS calculates the electronic value in theelectronic bank account of a transfer means, and stores this value towhich a digital signature of the electronic bank server EBS is given aselectronic value management information.

[0248] The electronic bank server EBS transmits a message showing theprocess is completed to the mobile station MS. (Step Sd10) The mobilestation MS displays this message, and notifies the completion of theprocess to the user.

[0249] Also, the electronic bank server EBS completes a process withoutupdating the electronic value information when receiving an NG message.But, the electronic bank server EBS stores a log about the above processwith a digital signature of the mobile station MS to deal with claims,which an OK message has been input to confirm the result and so forth,from a user of the mobile station MS.

[0250] Also, for example, when the above transaction cannot be completedfor reasons such as the electronic bank server EBS not receiving amessage from the mobile station MS in Step Sd8, the electronic bankserver EBS encrypts a non-completion message that the transaction is notperformed and the electronic value amount in the UIM before thetransaction, and transmits this encrypted message and the encryptedvalue amount to which a digital signature and a time stamp are given, tothe mobile station MS as performed in Step Sa8.

[0251] On the other hand, the mobile station MS displays this messagewhen receiving a non-completion message from the electronic bank serverEBS, and the electronic value amount in the UIM is substituted with theone in the UIM before the transaction transmitted with a non-completionmessage.

[0252] Also, for example, when the mobile station MS cannot receive boththe messages (completion and non-completion message) for reasons such asa prolonged communication interception, the mobile station MS displays amessage which says transaction is not completed. A user operates themobile station MS to perform a communicative connection to theelectronic bank server EBS after the restoration of communicationinterception and obtains an updated electronic value information, andupdates the electronic value information of a user.

[0253] In the above example, the electronic value in the UIM1 of themobile station MS was described. When an electronic value in a prepaidcard PC is transferred, the prepaid card PC has only to go through thesame process via the mobile station MS by infrared communication asdescribed above.

[0254] C: Application Examples

[0255] Next, the application examples of the embodiment will bedescribed.

[0256] For example, an item can be sold through cashless transaction byinstalling a function of an electronic purse corresponding to a UIM1 ina mobile station MS into a vending machine or POS (Point of Sale), andperforming an exchange of electronic value between electronic purses bylocal communication network between mobile station MS (or prepaid cardPC) of a user (of vending machine) and the vending machine.

[0257] With regard to a vending machine, the correctness is confirmed byverifying the electronic bank signature SGN1 when the electronic valueis exchanged with a mobile station MS, so confirming the correctness ofthe electronic value to the electronic bank server EBS is not neededeach time. Accordingly, advantage is that a user can purchase an itemimmediately, without the vending machine dealer having to pay thecommunication cost to a server.

[0258] Also, an item can be sold by cashless transactions between mobilestation MS of a user and a vending machine without installing a functionof an electronic purse in the mobile station MS. In this case, theelectronic bank signature SGN1 is verified when the electronic value isexchanged with the mobile station MS as well.

[0259]FIG. 19 illustrates the above example. A vending machine VM isconnected, by wire or radio, to a vending machine server VS connected toa mobile network.

[0260] The vending machine VM has a function to perform infraredcommunication with a mobile station MS, to give a digital signature tothe data to be transmitted to the mobile station MS, and to verify theelectronic bank signature SGN1 transmitted from the mobile station MS.

[0261] The mobile station MS1 of a user receives an electronic bankaccount number of a vending machine dealer by using infraredcommunication with the vending machine VM.

[0262] A user inputs the amount of electronic value money to be paid toa vending machine VM and the electronic purse type into the mobilestation MS, and operates the mobile station MS to show the paymentrequest. The mobile station MS accepts this operation.

[0263] The mobile station MS organizes the electronic bank accountnumber of a vending machine dealer, the electronic bank account numberof a user, and the electronic value amount to be paid as informationset, and transmits this information set to which a digital signature ofa user is given to a mobile vending machine VM as electronic valueinformation paid by a user by infrared communication. Also, theelectronic bank server ID, the electronic purse type, the electronicbank account number, and the information set of the electronic banksignature SGN1 among the electronic value information stored in anelectronic purse of a user are also transmitted to the vending machineVM.

[0264] The vending machine VM verifies the electronic bank signatureSGN1, and confirms whether a user is the owner of the electronic valueissued by a proper electronic bank server EBS. If it fails to verify thedigital signature, a transaction to a user will be stopped, and a log ofthe received information will be taken that there is an improper access.

[0265] When the above verification of a digital signature is successful,the vending machine VM confirms that the money information correspondingto the electronic value amount is more than that of the amount of moneyfor an item. If the amount of money is short, the vending machine VMstops the transaction from the mobile station MS, and returns a messageshowing the money is short to the mobile station MS.

[0266] The vending machine VM takes a log as an electronic value updatehistory which is an electronic bank account number of a vending machinedealer, and electronic bank account number of a user, the electronicvalue amount to be paid, and a digital signature of a user afterconfirming the above money information.

[0267] And, the vending machine VM generates a message that the amountof money for the item is received, and transmits this message with adigital signature to the mobile station MS. A payment for an item to thevending machine VM is completed at this moment, and it enables a user topush an item button to get the item.

[0268] And, the mobile station MS updates the electronic valueinformation in the UIM1 based on a message received from vending machineVM. Concretely, deduct amount of money for the item from a currentelectronic value, and add an electronic bank account number of a vendingmachine dealer, electronic bank account number of a user, electronicvalue amount to be paid, and a digital signature of a vending machine VMto the electronic value update history.

[0269] The accumulated log in vending machine VM is collected regularlyby vending machine server VS, and transmitted to electronic bank serverEBS.

[0270] Electronic bank server EBS verifies a digital signature of apayer to electronic value update history received from vending machineserver VS, and changes the below management information on theelectronic value update history.

[0271] That is to say, with regard to electronic value managementinformation of electronic bank account of a vending machine VM dealer,electronic bank server EBS adds an electronic value amount in anelectronic bank account, and updates a time stamp at update ofelectronic value amount in electronic bank account. With regard toelectronic value management information of electronic bank account andelectronic purse of a user, current electronic value amount in UIM1 isdeducted, and a time stamp at update of electronic value amount isupdated.

[0272] When a user pays by prepaid card PC, a current electronic valueamount in a prepaid card is deducted, and a time stamp upon update ofthe electronic value amount is updated.

[0273] Also, when electronic bank server EBS fails to perform electronicauthentication of a user, a message showing an update of electronicvalue information is not completed is generated, and transmitted to amanager of electronic bank server EBS.

[0274] Electronic bank server EBS updates electronic value managementinformation of electronic bank account of a vending machine VM dealer.That is to say, electronic bank server EBS adds electronic value amountin an electronic bank account to electronic value managementinformation, updates a time stamp at update of electronic value amount,and transmits such information to vending machine server VS.

[0275] Also, when electronic bank server EBS fails to perform electronicauthentication, the message described above is transmitted to vendingmachine server VS as well.

[0276] Vending machine server VS notifies a message received fromelectronic bank server EBS to a manager of vending machine server VS bydisplaying it. If a manager received a message showing failing toperform electronic authentication, a manager may take a legal action andthe like if this transaction is recognized to be fraudulent afteranalyzing this message carefully.

[0277] Electronic value information in an electronic purse of a user isupdated in the same way already described above like an exchange betweenelectronic purses when a user accesses electronic bank server EBS later,and the process is completed.

[0278] When an electronic value update history received from a user islost by system trouble of vending machine VM or vending machine serverVS, the conformity to current electronic value is guaranteed in the sameway already described above like when an electronic value update historyis lost in an exchange between electronic purses.

[0279] According to the above embodiment, it can be detected that anelectronic value in an electronic purse is transcribed in an improperway as electronic bank server EBS manages both electronic value of anelectronic purse and an electronic bank account.

[0280] Also, when an exchange of electronic value is performed betweenelectronic purses in a local way, properness of a digital signature of auser performing a transaction is confirmed only between electronicpurses by verifying electronic bank signature EBS, not inquiringelectronic bank server EBS every time. Accordingly, network traffic willnot increase.

[0281] Also, electronic bank server EBS updates electronic valuemanagement information which electronic bank server EBS manages by anotification from either one of electronic purses, so the efficiencywill improve.

[0282] Also, a time stamp is given to electronic bank server EBS intransaction, so an improper retransmission will be prevented.

[0283] D: Transformation Examples

[0284] As will be apparent from the following descriptions, a variety ofmodifications are possible with respect to the present invention, andthe invention is not to be taken as being limited to the embodimentsdescribed.

[0285] (1) A Form of Mobile Station MS

[0286] Mobile station MS only has to be a portable terminal which has aradio communication function, so it can be a personal computer whichperforms data communication by connecting to a portable telephone or PDA(Personal Digital Assistance) and so on.

[0287] (2) A Communication Configuration of mobile Station, PrepaidCard, Vending Machine.

[0288] In the embodiment, mobile station MS, prepaid card PC, vendingmachine VS perform radio communication each other by using infraredrays, and wire communication is also possible.

[0289] For example, mobile station 50 usually comprises a 16-coreconnector which performs input and output of a serial signal, andprepaid card PC and vending machine VS may also perform datacommunication by connecting to cable mutually if the same connector isinstalled in both.

[0290] (3) An Installation Configuration of Each Server

[0291] In the previous embodiment, electronic bank server EBS wasinstalled on mobile network MN, and registration authority server RA,certificate authority server CA, and directory server DS were installedon internet INET. But, each server can be installed on any network.

[0292] (4) Generation of a Key Pair

[0293] In the embodiment, registration authority server RA generates akey pair of a user, and transcribes it in UIM1, but it is not limited tothis method. For example, it can be generated in a production factory ofUIM1, and transcribed in advance, or it can be performed by a key pairgenerating function installed in UIM1. Also, registration authorityserver RA may request an authority like certification authority serverCA to generate a key pair, and transmit the key pair.

[0294] (5) Storage Capacity of UIM1 or Prepaid Card PC

[0295] As described above, an electronic purse such as UIM1 and prepaidcard PC about storage capacity has some cases:

[0296] For example, all of the electronic value update history may notbe stored because of shortage of storage capacity, or a fault may occurin a memory device of electronic value update history because of systemtrouble. In these cases, electronic value update history may be lost. Apart of electronic value update information may be lost by a malicioususer as a case like only electronic value update history which a userpaid is deleted.

[0297] By the way, in the embodiment, when electronic value updatehistory of either a payer or a recipient is transmitted to electronicbank server EBS, both (a payer and a recipient) of the proper electronicvalue amount are updated.

[0298] However, both of the (a payer and a recipient) electronic valueupdate history are lost, electronic bank server EBS cannot understand anexchange of electronic value. In this case, to assume that a transactionis not performed from the beginning, current electronic value amount inUIM in each electronic purse is obliged to conform to electronic valueamount of an electronic purse which electronic bank server EBS managesat the moment when each electronic purse accesses electronic bank serverEBS after transaction. That is to say, electronic value information ofan electronic purse is conformed to the electronic value information ofan electronic bank. If a means to guarantee conformity is comprised asdescribed above, mobile station MS can delete electronic value updatehistory from the older date one in transaction by using electronic valueafter that when detecting to accumulate electronic value update historycorresponding in volume to storage capacity of an electronic purse.

[0299] Also, mobile station MS may be obliged to transmit the electronicvalue update history to electronic bank server EBS when searching toaccumulate the electronic value update history corresponding in volumeto a storage capacity of an electronic purse. The electronic valueinformation of the electronic purse will be the same as the one of anelectronic bank by the above. Also, mobile station MS may not perform atransaction using an electronic value after searching to accumulate anelectronic value update history corresponding to storage capacity of anelectronic purse. In this case, mobile station MS performs a process todisplay this transaction message on display; and notify it to a user.

[0300] (6) A Communication Means Between Mobile Station MS and PrepaidCard

[0301] A local communication means between mobile station MS and prepaidcard PC is not only limited to infrared communication described above,for example, Bluetooth communication (registered trademark), can also beused. Of course, a local communication means between mobile station MSand vending machine VM can be performed by any other radio communicationmeans, not only by infrared communication.

1. An electronic value system having a plurality of communicationterminals, each of which comprises: a memory for storing an electronicvalue, a communication means which performs transmission and receptionof said electronic value to outside nodes, thereby acting as anelectronic purse of a user; an electronic bank account holding meansprovided in a server on a network for accumulating electronic values ineach electronic bank account assigned to each user; a transfer means fortransferring said electronic value to a memory of said electroniccommunication terminals from said electronic bank account holding meansvia said network; a transaction log notification means for transmittinga transaction log showing details of a transaction performed by saidcommunication terminal using said electronic value; and a purse balanceinformation management means for memorizing balance information of saidelectronic value stored in a memory of said communication terminalprovided in said network, receiving a transaction log transmitted fromsaid transaction log notification means, and updating balanceinformation of said electronic value related to said transaction log. 2.An electronic value system according to claim 1, wherein said pluralityof communication terminals include said first communication terminal andsaid second communication terminal, each of which performs transmissionand reception of said electronic value; wherein said first communicationterminal transmits to said second communication terminal its ownidentification information with said electronic value stored in saidmemory; wherein said second communication terminal receives saidelectronic value transmitted from said first communication terminal andsaid identification information of said first communication terminal,and transmits said its own identification information to said firstcommunication terminal; wherein said transaction log notification meanstransmits an electronic value amount which is said transmitted and saidreceived, and identification information of said first and secondcommunication terminal as said transaction log from either of said firstcommunication terminal or said second communication terminal to saidpurse balance information management means; and wherein said pursebalance information management means updates balance information of saidelectronic value based on said transmitted transaction log.
 3. Anelectronic value system according to claim 2, wherein said firstcommunication terminal and said second communication terminal eachinclude a log accumulation means for accumulating transaction logs onsaid transactions; and wherein when either said first communicationterminal or said second communication terminal accumulates transactionlogs equal in volume to a storage capacity of said log accumulationmeans, neither transmission nor reception of an electronic value to saidoutside nodes are carried out.
 4. An electronic value system accordingto claim 2, wherein said first communication terminal and said secondcommunication terminal include a log accumulation means for accumulatingtransaction logs on said transactions; and wherein when either saidfirst communication terminal or said second communication terminalaccumulates transaction logs equal in volume to a storage capacity ofsaid log accumulation means, transaction logs having a date and timeprior to that of a current date and time are erased during a transactionin which a current transaction log is accumulated.
 5. An electronicvalue system according to claim 2, wherein said first communicationterminal and second communication terminal include said log accumulationmeans for accumulating said transaction log on said transaction; andwherein said transaction log notification means transmits saidtransaction log to said purse balance information management means wheneither said first communication terminal or said second communicationterminal accumulates said transaction log equal in volume to saidstorage capacity of said log accumulation means.
 6. An electronic valuesystem according to claim 2, wherein said communication terminal is amobile communication terminal stored in a mobile network, said networkis said mobile network, and said first communication terminal and saidsecond communication terminal communicate by radio.
 7. An electronicvalue system according to claim 1, wherein said communication terminalis a mobile communication terminal stored in a mobile network, and saidnetwork is said mobile network.
 8. An electronic value system accordingto claim 1, wherein said communication terminal is a mobilecommunication terminal stored in a mobile network, and a memory of saidcommunication terminal is an IC card installed in said communicationterminal.
 9. An electronic value system according to claim 1, whereinsaid communication terminal attaches a transmission date and time tosaid electronic value when transmitting said electronic value.
 10. Anelectronic value system according to claim 1, wherein said communicationterminal comprises a security means for performing electronicauthentication, encryption and decryption by using a key for saidelectronic value, and an update means to update said key regularly whenperforming transmission and reception of an electronic value.
 11. Anelectronic value system for performing transmission and reception of anelectronic value which is electronic money information between a firstcommunication terminal and a second communication terminal, said firstcommunication terminal comprising: a memory for storing said electronicvalue, identification information of said issuer who issued saidelectronic value, and a digital signature provided by said issuer tosaid identification information; and a transmission means fortransmitting said identification information of the issuer and a digitalsignature with said stored electronic value to said second communicationterminal, said second communication terminal comprising: a receivingmeans for receiving identification information of said issuer and adigital signature; and a confirmation means for confirming validity ofsaid first communication terminal by verifying said received digitalsignature, and by confirming that said electronic value transmitted fromsaid first communication terminal is issued by said issuer.
 12. Anelectronic value system according to claim 11, wherein said secondcommunication terminal comprises a memory for storing said electronicvalue, identification information of said issuer who issued saidelectronic value, and a digital signature transmitted by said issuer forsaid identification information, and a transmission means fortransmitting identification information of said issuer stored previouslyand a digital signature to said first communication terminal further;and wherein said first communication terminal comprises an obtainingmeans for obtaining identification information of said issuer stored ina memory of said second communication terminal and a digital signatureprovided by said issuer before transmitting said electronic value tosaid second communication terminal, and a confirmation means forconfirming authenticity of said second communication terminal byverifying said obtained digital signature, and by confirming that saidelectronic value in a memory of said second communication terminal isissued by the issuer.
 13. An electronic value system according to claim11, wherein said first communication terminal and said secondcommunication terminal comprise a log accumulation means foraccumulating said transaction log related to their own transaction; andwherein at least, either said first communication terminal or saidsecond communication terminal transmits said accumulated transaction logto said outside nodes managing balance information of said electronicvalue, which information said first or said second communicationterminal memorizes when accumulating said transaction log equal involume to a storage capacity of said log accumulation means.
 14. Anelectronic value system according to claim 11, wherein said firstcommunication terminal and said second communication terminal performtransmission and reception of electronic values by radio.
 15. Anelectronic value system according to claim 11, wherein at least, eithersaid first communication terminal or said second communication terminalis a mobile communication terminal in a mobile network.
 16. Anelectronic value system according to claim 11, wherein said secondcommunication terminal is installed in a vending machine.
 17. Anelectronic value system according to claim 11, wherein the communicationterminal attaches a transmission date and time to said electronic valuewhen transmitting said value.
 18. An electronic value system accordingto claim 11, wherein said communication terminal comprises a securitymeans for performing electronic authentication, encryption anddecryption by using a key for said electronic value, and an update meansfor updating said key regularly when performing transmission andreception of said electronic value.
 19. A communication terminalcomprising: a memory for storing an electronic value which is electronicmoney information and its own identification information therefor; acommunication means for performing transmission and reception of saidelectronic value between outside nodes; an identification informationexchange means for transmitting its own identification informationstored in said memory to said outside nodes, and to obtainidentification information of said outside nodes from said outsidenodes; and a log accumulation means, as a transaction log, foraccumulating said electronic value amount whose transmission andreception are performed between said outside nodes, said identificationinformation, and identification information of said outside nodes.
 20. Acommunication terminal according to claim 19, wherein a communicationterminal does not perform transmission and reception of said electronicvalue between said outside nodes when it accumulates a transaction logequal in volume to a storage capacity of said log accumulation means.21. A communication terminal according to claim 20, wherein when acommunication terminal accumulates said transaction log corresponding toa storage capacity of said log accumulation means, said transaction logis erased from the oldest one of transmission date and time intransmission and reception of said electronic value after accumulatingsaid transaction log.
 22. A communication terminal according to claim21, wherein when a communication terminal accumulates said transactionlog equal in volume to a storage capacity of said log accumulationmeans, a communication terminal transmits said accumulated transactionlog to an outside device to confirm authenticity of said transmissionand reception of said electronic value by using said transaction log.23. A communication terminal according to claim 19, wherein saidcommunication terminal comprises a security means for performing aprocess of electronic authentication, encryption and decryption by usinga key for said electronic value, and an updating means for updating saidkey regularly when performing transmission and reception of saidelectronic value.
 24. A communication terminal according to claim 19,wherein when a communication terminal transmits said electronic value tosaid outside nodes, a communication terminal attaches a transmissiondate and time to said electronic value.
 25. A communication terminalaccording to claim 19, wherein said communication means performstransmission and reception of said electronic value between said outsidenodes by radio.
 26. A communication terminal according to claim 19,wherein said communication terminal is a mobile communication terminalin a mobile network, and said memory is an IC card installed in thecommunication terminal.
 27. A communication terminal comprising: amemory for storing an electronic value which is electronic moneyinformation; identification information of an issuer of the electronicvalue, and a digital signature provided by the issuer to theidentification information a communication means for performingtransmission and reception of said electronic value between outsidenodes; an attachment means for attaching to electronic value,identification information of said issuer and said digital signature tobe transmitted to said outside nodes by said communication means; and aconfirmation means for confirming authenticity of said electronic valueby verifying identification information of said issuer to be attached toelectronic value received from said outside nodes by said communicationmeans, and said digital signature.
 28. A communication terminalaccording to claim 27, wherein said communication terminal comprises asecurity means for performing electronic authentication, encryption anddecryption of said electronic value by using a key, and updating meansfor updating said key regularly when performing transmission andreception of said electronic value.
 29. A communication terminalaccording to claim 27, wherein when a communication terminal transmitssaid electronic value to said outside nodes, said communication terminalattaches a transmission date and time to said electronic value.
 30. Acommunication terminal according to claim 27, wherein said communicationmeans performs transmission and reception of said electronic valuebetween said outside nodes by radio.
 31. A communication terminalaccording to claim 27, wherein said communication terminal is a mobilecommunication terminal in a mobile network, and said memory is an ICprovided in the communication terminal.
 32. A server comprising: a meansof transfer for transferring via said network, an electronic bankaccount holding means for accumulating said electronic value intoelectronic bank account assigned to users, a memory for storing saidelectronic value, and an electronic value accumulated by said electronicbank account holding means to a communication terminal comprising acommunication means for performing transmission and reception of saidelectronic value between said outside nodes; a purse balance informationmanagement means for memorizing balance information of said electronicvalue stored in a memory of said communication terminal; a log obtainingmeans for obtaining a transaction log showing details of a transactionby using said electronic value in said communication terminal via saidnetwork from said communication terminal; and a purse balanceinformation update means for updating balance information of saidelectronic value memorized by said purse balance information memorymeans on a basis of said obtained transaction log.
 33. A serveraccording to claim 32, wherein said server comprises an electronicauthentication means for giving an electronic authentication by a keywhich said server memorizes for said transmitted electronic valueinformation.